Luciafer, You Clever Little Devil!

Challenge:

Luciafer gains access to the victim's computer by using the cracked password. What is the packet number of the response by the victim's system, saying that access is granted? >Submit the flag as: flag{#}.

NOTE: Use the packet response from her login, not from the password cracker.

Use the PCAP from Monstrum ex Machina

Solution:

From the Release the Crackin'! challenge we know the login occurred over FTP and the password was darkangel. We apply a Wireshark filter for FTP in combination with a string search for the password:

The first identified packet with "PASS darkangel" is from the brute-force tool and second one (#159764) is Luciafer's login. The challenge specifically asks for the response packet, which would be the subsequent one after PASS.

The accepted flag was, flag{159765}